[Bug 1821250] [NEW] Drop setuid bit from /bin/ntfs-3g

Thu, 21 Mar 2019 14:41:11 -0700 

Public bug reported:

/bin/ntfs-3g has been installed as setuid-root since xenial, but this is
discouraged upstream (see https://www.tuxera.com/community/ntfs-3g-
faq/#useroption). As a hardening improvement, this should not be setuid.

This does break one use-case - unprivileged users will not be able to
mount NTFS image files. As far as I'm aware, there are no other use-
cases that are broken by this change. It doesn't affect automounting of
removable volumes or mounting of NTFS block devices (which unprivileged
users can't mount anyway). Administrators that want to allow
unprivileged users to mount NTFS image files can change the permissions
of /bin/ntfs-3g using dpkg-statoverride.

** Affects: ntfs-3g (Ubuntu)
     Importance: Undecided
     Assignee: Chris Coulson (chrisccoulson)
         Status: Fix Released

** Affects: ntfs-3g (Ubuntu Xenial)
     Importance: Undecided
     Assignee: Chris Coulson (chrisccoulson)
         Status: New

** Affects: ntfs-3g (Ubuntu Bionic)
     Importance: Undecided
     Assignee: Chris Coulson (chrisccoulson)
         Status: New

** Affects: ntfs-3g (Ubuntu Cosmic)
     Importance: Undecided
     Assignee: Chris Coulson (chrisccoulson)
         Status: New

** Also affects: ntfs-3g (Ubuntu Cosmic)
   Importance: Undecided
       Status: New

** Also affects: ntfs-3g (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Also affects: ntfs-3g (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: ntfs-3g (Ubuntu)
       Status: New => Fix Released

** Changed in: ntfs-3g (Ubuntu)
     Assignee: (unassigned) => Chris Coulson (chrisccoulson)

** Changed in: ntfs-3g (Ubuntu Xenial)
     Assignee: (unassigned) => Chris Coulson (chrisccoulson)

** Changed in: ntfs-3g (Ubuntu Bionic)
     Assignee: (unassigned) => Chris Coulson (chrisccoulson)

** Changed in: ntfs-3g (Ubuntu Cosmic)
     Assignee: (unassigned) => Chris Coulson (chrisccoulson)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1821250

Title:
  Drop setuid bit from /bin/ntfs-3g

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ntfs-3g/+bug/1821250/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to